QUESTION 1Your network contains an Active Directory forest that has a single domain. You have an Exchange Server 2010 organization. You plan to add a new domain to this Active Directory forest and deploy Exchange Server 2010 servers in the new domain. A user named Admin1 is a member of this Active Directory group named Organization Management. Admin1 will deploy the Exchange new domain.You need to identify the minimum permissions required to allow Admin1 to install Exchange Server 2010 servers in the new domain.Which group should you add Admin1 to?

QUESTION 2Your company has a Exchange Server 2010 organization.You plan to deploy Microsoft Office Outlook and mobile devices for remote users.You need to plan the deployment of Client Access servers to support the automatic configuration of Outlook profiles and ——–.What should you include in the plan?

QUESTION 3Your network contains an internal network and a perimeter network that are separated by firewall. The perimeter network ___________ Server 2010 Edge Transport server.You plan to deploy an internal Exchange Server 2010 organization that meets the following requirements.– Support EdgeSync synchronization– Support encrypted delivery of outbound e-mail messages to the Edge Transport server– Minimize the attack surface of the internal networkWhich TCP ports should you allow form the internal network to the perimeter network?

A. 3309 and 25B. 3309 and 636C. 50636 and 25D. 50636 and 135

Answer: CExplanation:Edge Transport Server Network Ports for EdgeSyncSecure LDAP TCP 50636 (Edgesync service over SSL) from the Hub Transport server to the Edge Transport serverFor the Edge Synchonization, the 50636 must be open for successful EdgeSync synchronization which is used for directory synchronization from Hub Transport servers to ADAM. To set up the rule, the IP address must be internal IP address between the Hub and Edge server.Edge Transport Server Network Ports for Mail FlowSMTP (TCP 25) from the Internet to the Edge Transport server SMTP (TCP 25) from the Edge Transport server to the Hub Transport server SMTP (TCP 25) from the Hub Transport server to the Edge Transport server DNS (UDP 53) from the Edge Transport server to a DNS server capable of public DNS lookups (ie to look up MX records)

QUESTION 4Your network consists of a single Active Directory site.You plan to deploy Exchange Server 2010.You need to plan the deployment of Exchange Server 2010 servers to meet the following requirements:– All Mailbox servers must belong to a database availability group (DAG)– MAPI connections from Outlook clients must be load balanced by using a hardware load balancer– If a single server fails, users must continue to send and receive e-mail– The plan must minimize the number of server deployedWhat should you include in the plan?

A. Deploy two servers. On the two servers, deploy the Mailbox server role, the Client Access server role, and the Hub Transport server role. Configure a Client Access server array.B. Deploy two servers. On the two servers, deploy the Mailbox server role, the Client Access server role, and the Hub Transport server role. Enable Outlook Anywhere on both Client Access servers.C. Deploy four servers. On two of the servers, deploy the Mailbox server role and the Hub Transport server role. On the other two servers deploy the Client Access server role. Configure a Client Access server array.D. Deploy four servers. On two of the servers, deploy the Mailbox server role. On the other two servers, deploy the Client Access server role, and the Hub Transport server role. Enable Outlook Anywhere on both Client Access servers.

Answer: AExplanation:Hardware Load Balancer for CAS array is missing.

QUESTION 5You have an Exchange Server 2010 organization that contains multiple Hub Transport servers.You need to recommend a message hygiene solution to meet the following requirements:– Block servers that are known to send spam– Minimize administrative effortWhat should you recommend?

Answer: BExplanation:IP Block List Providers are part of the connection filtering feature in Exchange. When the IP Block List Providers feature is enabled on a computer, the Connection Filter agent queries the specified IP Block List provider services to determine if the messaging server that has initiated the connection is a host that is known to send spam.http://technet.microsoft.com/en-us/library/dd351199.aspx

QUESTION 6Your network contains two Exchange Server 2010 Edge Transport server and five Exchange Server 2010 Hub Transport servers. All e-mail sent from your organization to the Internet is transferred by the Edge Transport servers.You need to recommend a security solution for the organization to meet the following requirements:– Ensure that users can send encrypted messages to any other organization on the Internet– Ensure that all Exchange related communication between Hub Transport servers and Edge Transport servers is encrypted.What should you recommend?

Answer: DExplanation:S/MIMEEncrypt mail on the client so that it’s protected before it’s ever seen by an SMTP server.That’s exactly what S/MIME does.S/MIME is a standard for public-key encryption and signatures of e-mail messages. S/MIME is a client-based encryption and signing protocol that provides end-to-end security from the sending mailbox to the receiving mailbox. Encryption is used to protect the content of a message so that only the intended recipients can read it. Signing a message means that the recipient can verify whether the message has been changed on the way from the sender to the recipient. Implementing S/MIME offers the following abilities:1- Use digital signatures as a way to prove to your communication partners that the content was not altered.2- Authenticate messages (especially for crucial functions such as when your boss approves your travel requests).3- Encrypt messages to prevent accidental disclosure of the content.You now need to send a signed email to the other user and vice versa in order for them to be able to decrypt any encrypted emails you may send them.SMTP over SSLEncryption requires the prior installation of keys at both source and destination server. Microsoft Exchange 2010 has a feature called ‘Opportunistic TLS’ which is enabled by default upon installation, this feature means Exchange 2010 will negotiate a secured SSL/TLS session wherever possible and encrypt the message. Not always.Just as you can use SSL (a close relative of TLS) to protect an HTTP session, you can use TLS with SMTP to provide both confidentiality and authentication for email traffic. With the valid SSL certificate installed you can assign it to the Exchange Server 2010 services.Choose the services to assign to the certificate. In this example the IIS and SMTP services are being assigned.Domain SecurityIf you’re planning to implement Exchange 2010 Domain Security to provide secured message paths between Exchange 2010 Edge Transport servers over the Internet, you need real certificates.You specify the domain with which you want to send domain-secured e-mail. The Contoso administrator runs the following command on an internal Exchange 2010 server. Set-TransportConfig-TLSSendDomainSecureList woodgrovebank.com

A. In each perimeter network, deploy one Edge Transport server. Implement fallover clustering.B. In each perimeter network, deploy two Edge Transport servers. Implement fallover clustering.C. In each perimeter network, deploy one Edge Transport server. Configure a mail exchange (MX) record for each server.D. In each perimeter network, deploy two Edge Transport servers. Configure a mail exchange (MX) record for each server.

Answer: CExplanation:2 total Edge servers provides the needed redundancy. 4 total servers provides greater redundancy but it’s not required.– Create 2 MX records with the same preference to distribute the load between the 2 servers– If one server fails, inbound mail still flows– If one datacenter goes down, inbound mail still flows– Minimized costs by meeting the requirements with the fewest number of servershttp://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx

QUESTION 8Your company has an Exchange 2010 organization that contains multiple Hub Transport servers.You have a line of business application that retry e-mail messages by using a Hub Transport server named Hub1. The application only supports sending e-mail to a single SMTP server.You need to ensure that the application can retry e-mail messages of Hub1 tails.What should you do?

Answer: CExplanation:Application is configured to use only Hub1 server [sort of a hardcoded config]. If Hub1 fails then application is not able to send emails. To protect the app from the Hub1 failure you have to use Load Balancer and assign Hub1 name to it. You can configure Windows Network Load Balancing (NLB) to distribute non-Exchange messages among your Hub Transport or Edge Transport servers.Configure the Receive connector, so it only listens on port 25 on the NLB cluster address.

QUESTION 9Your company has a main office and a branch office. An Active Directory site exits for each office.The offices are connected by a WAN link.You plan to deploy Exchange Server 2010 in each site.You need to identify the number of Exchange servers required to meet the following requirements:– Maintain user access to mailboxes if a single server fails– Use the minimize account of Exchange servers in each siteHow many servers should you deploy in each site?

A. 1B. 2C. 3D. 4

Answer: BExplanation:One of the great changes in Exchange 2010 over Exchange 2007 is the ability to combine both CAS & Hub roles on mailbox servers configured as DAG, this gives you the flexibility to have a highly available solution with just 2 servers. Use a hardware load balancer and configure it to load balance the CAS traffic “Web & MAPI-RPC”

QUESTION 10Your company has three offices. An Active Directory site named Site1, Site2 and Site3 exists for each office. You have an Exchange Server 2010 organization. You deploy Exchange Server 2010 server 2010 servers in Site1.You plan to deploy Exchange Server 2010 servers in Site2 and Site3.You need to recommend a solution that allows the Exchange Server 2010 servers to connect with the Exchange Server 2003 servers. You must meet the following requirements:– All e-mail messages that are sent to mailboxes on Exchange Server 2003 servers from mailboxes on Exchange Server 2010 servers delivered directly from a server in Site2.– All e-mail messages that are sent to mailboxes on Exchange Server 2010 servers from mailboxes on Exchange Server 2003 servers delivered directly to a server in Site1.What should you recommend?

A. Create two SMTP connections and one Active Directory SMTP site link.B. Create a new routing group connector and modify the default routing group connector.C. Create an X400 connector to Site1 and modify the cost value for the default routing group connector.D. Move all Exchange Server 2003 servers and Exchange Server 2010 servers to a single routing group.

Answer: BExplanation:To coexist you will need to create a routing group connector on the 2003 Exchange server. This will allow the exchange 2010 server to use the 2003 to send and receive emails. You use Routing Group connectors to connect two or more Exchange Server routing groups. You can have one routing group at the corporate office and a separate routing group at a remote office. The routing groups would be joined by a routing group connector. That connector would designate one server in each routing group as a bridgehead server. Exchange traffic flowing between routing groups can only be sent between bridgehead servers.The first routing group connector between Exchange 2010 and Exchange 2003 is created and configured during installation of the first Hub Transport server role in an existing Exchange organization. During the initialCAS/HT install it asked for a 2003 bridgehead.In Exchange 2003: